ISSN: 2245-4578 (Online Version) ISSN: 2245-1439 (Print Version)
Implementing RGCN Model in Network Security Big Data Analysis

Keywords

RGCN
boosting
APT
network logs
traceability diagram

How to Cite

[1] L. Zhang, “Implementing RGCN Model in Network Security Big Data Analysis”, JCSANDM, vol. 14, no. 02, pp. 505–530, Jun. 2025.

Abstract

In the big data era, traditional network security protection technologies respond inadequately when detecting advanced persistent threats (APTs). This study designs a big data analysis method that uses deep learning algorithms to improve APT detection. It applies ensemble learning, subgraph sampling, and thresholding to improve and optimize graph convolutional networks, enhancing their ability to detect traceability graphs. A preprocessing method for network logs is proposed, and an APT detection model is built on the improved graph convolutional network. Experimental results show that, on the DARPA TC dataset (153 samples, of which 30% are malicious), the improved graph convolutional network achieves an average detection accuracy of 94.9% for traceability graphs and 94% for node-level intrusion detection. The research model takes about 19 seconds on average to detect attacks, and its accuracy in detecting APT intrusions at the node level is 93.2%. Its detection efficiency and accuracy are superior to those of other models. The results provide a new technology and theoretical support for detecting network intrusions through large-scale network log data analysis, which plays an important role in enhancing network security defense capabilities.

https://doi.org/10.13052/jcsm2245-1439.14210

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Copyright (c) 2025 Journal of Cyber Security and Mobility
